CVE-2022-33984

Name of the Vulnerable Software and Affected Versions InsydeH2O UEFI firmware kernel versions prior to 5.2: 05.27.25 InsydeH2O UEFI firmware kernel versions prior to 5.3: 05.36.25 InsydeH2O UEFI firmware kernel versions prior to 5.4: 05.44.25 InsydeH2O UEFI firmware kernel versions prior to 5.5: 05.52.25

Description The issue is related to DMA transactions targeted at input buffers used for the SdMmcDevice software SMI handler, which could cause SMRAM corruption through a Time-of-Check-to-Time-of-Use (TOCTOU) attack. This was discovered by Insyde engineering based on a description provided by Intel's iSTARE group.

Recommendations For kernel versions prior to 5.2: 05.27.25, update to kernel 5.2: 05.27.25 or later. For kernel versions prior to 5.3: 05.36.25, update to kernel 5.3: 05.36.25 or later. For kernel versions prior to 5.4: 05.44.25, update to kernel 5.4: 05.44.25 or later. For kernel versions prior to 5.5: 05.52.25, update to kernel 5.5: 05.52.25 or later.